A Provably Secure and Lightweight Anonymous User Authenticated Session Key Exchange Scheme for Internet of Things Deployment

Banerjee, Soumya; Odelu, Vanga; Das, Ashok Kumar; Jangirala, Srinivas; Kumar, Neeraj; Chattopadhyay, Samiran; Choo, Kim‐Kwang Raymond

doi:10.1109/jiot.2019.2923373

Cited by 124 publications

(73 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, we use the stronger threat model, known as the "Canetti and Krawczyk's (CK) adversary model" [10], wherein the adversary A, in addition to having all capacities of the DY-therat model, can also compromise ephemeral information like session-specific states and keys. Thus, in the presence of the CK-adversary, a user authentication scheme must be designed such that leakage of ephemeral secrets should have minimal impact on the security of unrelated entities in the authenticated key-exchange scheme [11].…”

Section: Network and Threat Modelsmentioning

confidence: 99%

See 1 more Smart Citation

An Efficient, Anonymous and Robust Authentication Scheme for Smart Home Environments

Banerjee

Odelu

Das

et al. 2020

Sensors

Self Cite

View full text Add to dashboard Cite

In recent years, the Internet of Things (IoT) has exploded in popularity. The smart home, as an important facet of IoT, has gained its focus for smart intelligent systems. As users communicate with smart devices over an insecure communication medium, the sensitive information exchanged among them becomes vulnerable to an adversary. Thus, there is a great thrust in developing an anonymous authentication scheme to provide secure communication for smart home environments. Most recently, an anonymous authentication scheme for smart home environments with provable security has been proposed in the literature. In this paper, we analyze the recent scheme to highlight its several vulnerabilities. We then address the security drawbacks and present a more secure and robust authentication scheme that overcomes the drawbacks found in the analyzed scheme, while incorporating its advantages too. Finally, through a detailed comparative study, we demonstrate that the proposed scheme provides significantly better security and more functionality features with comparable communication and computational overheads with similar schemes.

show abstract

Section: Network and Threat Modelsmentioning

confidence: 99%

“…Proof. We design our proof on the lines of the proofs that presented in [11,31,32]. Four sequential games, say G i , i ∈ [0 − 3], are played.…”

Section: Formal Security Analysis Through Real-or-random Modelmentioning

confidence: 99%

An Efficient, Anonymous and Robust Authentication Scheme for Smart Home Environments

Banerjee

Odelu

Das

et al. 2020

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…Besides, due to limited battery life of IoT devices, it is significant to design lightweight authentication mechanism. Many lightweight protocols [16], [17] were proposed by using of bitwise XOR and hash operations. Additionally, compared with two-factor authentication protocols, threefactor authentication protocol using users' smart cards, pass-words and biometrics can provide strong security against some attacks, such as stolen-smartcard attacks and passwordguessing attacks.…”

Section: A Motivationsmentioning

confidence: 99%

“…ROR model: There are three communication participants including GW N , S j , U i in this protocol. The model considers the followings [16].…”

Section: A Formal Security Analysis Based On Real-or-random Modelmentioning

confidence: 99%

See 1 more Smart Citation

A Physically Secure, Lightweight Three-Factor and Anonymous User Authentication Protocol for IoT

2020

View full text Add to dashboard Cite

Internet of Things has remarkable effects in human's daily life. It is important for users and sensors to securely access data collected by low-cost sensors via Internet in real-time IoT applications. There exist many authentication protocols for guaranteeing secure communication between users and sensors. However, in some protocols, the privacy of unattended sensors subjected to capture node attacks cannot be guaranteed. Moreover, the sensors subjected to physical tampering attacks can still execute normally the authentication process. Besides, an authentication protocol should be lightweight due to the restricted computing power and storage of the sensors. The idea of designing a more secure and lightweight authentication protocol engender this article. The proposed protocol can provide the physical security through physically unclonable function (PUF), require no additional phase to update challenge-response pairs (CRPs), and store a single CRP for each sensor. At the same time, the proposed protocol utilizes three factors, such as personal biometrics, smartcard and password, to strengthen the security contrasting with two factors, and manipulates some basic cryptographic operations, including bitwise-exclusive-OR (XOR) and hash function, to achieve the lightweight performance. Moreover, both formal security analysis based on Real-Or-Random (ROR) and informal security analysis demonstrate the security of the proposed protocol. Compared with the existing related protocols, the proposed protocol has the advantage in terms of security, functionality and computation costs. Finally, a NS3 simulation on measuring various network performance parameters indicates that the proposed protocol is practical in IoT environment. INDEX TERMS Internet of Things, key agreement, physical unclonable function, mutual authentication, NS3 simulation.

show abstract

FogSec: A secure and effective mutual authentication scheme for fog computing

Raja Sree,

Harish,

Veni

2024

Concurrency and Computation

View full text Add to dashboard Cite

SummaryAs opposed to cloud servers, fog servers, and fog users may be malicious, so developing a mutual identity‐preserving authentication mechanism between them is a crucial and difficult problem in fog computing. Such a technique must conceal the user's true identity from the adversary; otherwise, the adversary will be able to determine which fog user and fog server are in communication. This article suggests a secure and reliable anonymous mutual authentication system for use at the network's edge between fog users and fog servers. With the aid of the registration authority (RA) in our system, they can verify one another and decide on a new session key that will be used to encrypt messages throughout the session. Fog users don't need to re‐register with RA to wander freely over the network and authenticate to any fog server that is within their range. The proposed technique only needs a small number of symmetric encryption/decryption and one‐way hash functions, making it easy to implement for fog‐user devices with limited resources. The new scheme's performance is evaluated in comparison to the existing one, showing that it is more resilient to various types of assaults (such as known plaintext attacks, man‐in‐the‐middle attacks, session hijacking, etc.). The widely used Automated Validation of Internet Security Protocols and Applications tool is used to verify the proposed system. The outcomes demonstrate that our approach can safely withstand different attacks and accomplish the desired outcomes. Additionally, the proposed method is tested in real‐world scenarios with the NS3 simulator.

show abstract

A Provably Secure and Lightweight Anonymous User Authenticated Session Key Exchange Scheme for Internet of Things Deployment

Cited by 124 publications

References 49 publications

An Efficient, Anonymous and Robust Authentication Scheme for Smart Home Environments

An Efficient, Anonymous and Robust Authentication Scheme for Smart Home Environments

A Physically Secure, Lightweight Three-Factor and Anonymous User Authentication Protocol for IoT

FogSec: A secure and effective mutual authentication scheme for fog computing

Contact Info

Product

Resources

About